I just published a new release of Snuffleupagus, the hardening module for php7+ and php8+, the version 0.7.1, codename "Proboscideans", named after the taxonomic order of the Elephants.

No impressive or groundbreaking new features, but a maintenance release: more stable, and with fewer bugs.

Changelog

• Fixed possible memory-leaks when hooking via regular expressions
• Modernise the code by removing usage of strtok
• Prevent a possible crash during configuration reloading
• Fix the default rules to catch dangerous chmod calls
• Improve compatibility with various libpcre configurations/versions
• Improve the default rules' compatibility with php8
• Prevent XXE in php8 as well
• Improve a bit the verbosity of the logs
• Add a rules file for php8

As usual, if you want to help, we have some low hanging fruits ♥

See you in your PHP stack!